CVE-2019-17224 — MEDIUM (5.3)

Vulnerability Description

The web interface of the Compal Broadband CH7465LG modem (version CH7465LG-NCIP-6.12.18.25-2p6-NOSH) is vulnerable to a /%2f/ path traversal attack, which can be exploited in order to test for the existence of a file pathname outside of the web root directory. If a file exists but is not part of the product, there is a 404 error. If a file does not exist, there is a 302 redirect to index.html.

CVSS Score

5.3

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Compal	Ch7465Lg Firmware	ch7465lg-ncip-6.12.18.25-2p6-nosh
Compal	Ch7465Lg	-

Related Weaknesses (CWE)

CWE-22

References

https://vulnerabilities.home.blog/2019/10/27/again-a-vunerability-in-cable-routeExploitThird Party Advisory
https://www.search-lab.hu/media/Compal_CH7465LG_Evaluation_Report_1.1.pdfThird Party Advisory
https://vulnerabilities.home.blog/2019/10/27/again-a-vunerability-in-cable-routeExploitThird Party Advisory
https://www.search-lab.hu/media/Compal_CH7465LG_Evaluation_Report_1.1.pdfThird Party Advisory

FAQ

What is CVE-2019-17224?

CVE-2019-17224 is a vulnerability with a CVSS score of 5.3 (MEDIUM). The web interface of the Compal Broadband CH7465LG modem (version CH7465LG-NCIP-6.12.18.25-2p6-NOSH) is vulnerable to a /%2f/ path traversal attack, which can be exploited in order to test for the exi...

How severe is CVE-2019-17224?

CVE-2019-17224 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-17224?

Check the references section above for vendor advisories and patch information. Affected products include: Compal Ch7465Lg Firmware, Compal Ch7465Lg.